Module class methods

validate(pems)

Validates the given chain of X509 certificates by performing common TLS validation procedures.

Parameters

pems

An Array with the chain of X509 certificates in PEM format (String) presented by the peer during the TLS handshake. The first element is the most-resolved certificate, followed by the successive intermediate certificates and the root (or CA) certificate at the end. It could be empty if the client does not present a TLS certificate.

Return value

The return value is an Array with the following fields:

cert

The OpenSSL::X509::Certificate instance of the first certificate provided by the peer (nil if the client did not present a certificate).

validated

true if the given certificate(s) are valid according to the TLS validation procedures, false otherwise, and nil when no certificate was provided by the peer or no CA’s were provided for TLS validation (ca_dir parameter within the tls section of oversip.conf).